Upload
salyashlove
View
52
Download
3
Tags:
Embed Size (px)
Citation preview
Introduction to Introduction to WatchGuard Dimension™WatchGuard Dimension™
WatchGuard Training
Introduction to WatchGuard DimensionIntroduction to WatchGuard Dimension
What is WatchGuard Dimension?
Deploy WatchGuard Dimension
Configure WatchGuard Dimension
Use WatchGuard Dimension
Support WatchGuard Dimension
WatchGuard Training 22
What is WatchGuard Dimension?What is WatchGuard Dimension?
WatchGuard Training 33
What is WatchGuard Dimension?What is WatchGuard Dimension?
Secure and centralized logging, visibility, and reporting for XTM devices and WatchGuard servers• New ways to visualize network data
• Dashboards with simple drill-down into detailed log and report information
• Customizable reports that can be emailed to different roles in the organization
• Complements Web UI visibility tools in XTM OS v11.8
• Reports available after first summary report period (5 minutes)
• All reports are ‘on demand’ all the time
Cloud-ready zero-installation deployment• Delivered as a virtual appliance for ESXi (.ova)
• Running on 64-bit Linux
• Driven by Postgres 9.2
• Web interface supports most desktop and mobile browsers
WatchGuard Training 44
What is Dimension? — ArchitectureWhat is Dimension? — Architecture
Log Collector — Receives logs from devices, aggregates data Web Services — Serves web application to users and
administrators Log Server — Provides API for log data, provisioning, and
automated maintenance Database — Persistent storage for log and report data
WatchGuard Training 55
Deploy WatchGuard DimensionDeploy WatchGuard Dimension
WatchGuard Training 66
Deployment — Requirements Deployment — Requirements
WatchGuard Dimension is distributed as an .ova file for installation on VMware ESXi 5.x.• Your ESXi host must support 64-bit guest operating systems
• WatchGuard Dimension has been primarily tested on VMWare ESXi hypervisors. It can also be installed in VMware Workstation, Player, Fusion environments, which is a great option for training and demonstration.
• WatchGuard is not currently available on any non-VMware hypervisors. WatchGuard Dimension is available on the Software Downloads
pages with the downloads for XTM devices.1.Log in to WatchGuard.com2.Browse to Articles & Software3.Filter by Software Downloads (excluding Articles and Known Issues)
WatchGuard Training 77
DeploymentDeployment
After downloading the WatchGuard Dimension virtual appliance (.ova) connect to your ESXi host with vSphere.
From the File menu, select Deploy OVF Template.
WatchGuard Training 88
DeploymentDeployment
Browse to the downloaded WatchGuard Dimension OVA and select that as your source.
WatchGuard Training 99
DeploymentDeployment
Confirm the OVF Template Details and Accept the EULA.
WatchGuard Training 1010
DeploymentDeployment
Choose a name and disk format for this VM.
WatchGuard Training 1111
DeploymentDeployment
Map the virtual network adapter to the appropriate destination network.
Note:• WatchGuard Dimension’s network adapter defaults to DHCP.
• You will need a DHCP server on the network for Dimension to receive an IP address and access the setup wizard web interface.
WatchGuard Training 1212
DeploymentDeployment
Confirm the deployment settings. Note the disk allocation defaults to 43GB.
• 3GB for OS drive (disk 1)
• 40GB for Data drive (disk 2)
Power on after deployment if youwant to keep the default settings.
WatchGuard Training 1313
DeploymentDeployment
Changing the provisioned size of Hard disk 2 before boot (or reboot) will result in more storage for logging and reports.
Other defaults include:• 2GB of RAM
• 2 CPUs (2 sockets, 1 core each)
WatchGuard Training 1414
DeploymentDeployment
Notes:• The Dimension VM is deployed by default with a data disk size of 40GB.
• The data disk is fully reserved for the log database and the related overhead space required by Postgres.
• After the Dimension VM is deployed, the data disk size cannot be reduced.
• To limit the size to be less than 40GB and avoid data loss, you must remove and re-add Hard disk 2 before you power on the VM for the first time.
WatchGuard Training 1515
DeploymentDeployment
Once your VM is powered on, you see the IP address assigned to Dimension through DHCP.
Use this this IP address tomake an HTTPS connectionto Dimension and start theDimension Setup Wizard.
WatchGuard Training 1616
Configure WatchGuard DimensionConfigure WatchGuard Dimension
WatchGuard Training 1717
Configuration — RequirementsConfiguration — Requirements
WatchGuard Dimension supports these web browsers:• Firefox v22 and later
• Internet Explorer 9 and later
• Safari 5 and later
• Safari on iOS 6 and later
• Chrome v29 and later You should be able to successfully use WatchGuard Dimension on
most mobile phone and tablet devices. Connect to Dimension in a web browser at https://<dimension-IP-
address>
WatchGuard Training 1818
Configuration — Setup WizardConfiguration — Setup Wizard
Accept the securitywarning to continue to connect to WatchGuard Dimension.
WatchGuard Training 1919
Configuration — Setup WizardConfiguration — Setup Wizard
Log in with these credentials:• User Name: admin
• Password: readwrite
WatchGuard Training 2020
Configuration — Setup WizardConfiguration — Setup Wizard
Make sure you have this information before you start the Setup Wizard:• Host name
• IPv4 address and settings for the eth0 interface
• Administrator passphrase
• Log Server Encryption Key
WatchGuard Training 2121
Configuration — Setup WizardConfiguration — Setup Wizard
Specify the host namefor Dimension
Select the IP address method: • Static
• DHCP For a static IP address,
we recommend that you specify an IPv4 address.
WatchGuard Training 2222
Configuration — Setup WizardConfiguration — Setup Wizard
Set the Administrator Passphrase to use to connect to Dimension and manage the Dimension servers.
The Administrator Passphrase must have a minimum of 8 characters.
WatchGuard Training 2323
Configuration — Setup WizardConfiguration — Setup Wizard
Set the Log ServerEncryption Key.
WatchGuard Training 2424
Configuration — XTM DevicesConfiguration — XTM Devices
WatchGuard Dimension can accept log messages and generate reports for any device that runs Fireware XTM OS.
WatchGuard Dimension can also accept log messages from a WatchGuard Management Server or Quarantine Server.• On an XTM device, use the IP address and Encryption Key from
WatchGuard Dimension when you configure the WatchGuard Log Server settings.
• On WatchGuard servers, use the same IP address and Encryption Key in the Logging settings.
In some environments you may be NATing the HTTPS and WatchGuard Logging connections through your XTM device. This changes the IP address you use to connect to WatchGuard Dimension or where you send WatchGuard Logging connections.
WatchGuard Training 2525
Configuration — After the Wizard…Log InConfiguration — After the Wizard…Log In
Multiple “Super administrator users” can be logged in at the same time
Configuration pages have modes:• RO (Read-Only)
• RW (Read-Write)
WatchGuard Training 2626
Configuration — After the Wizard…Manage ServicesConfiguration — After the Wizard…Manage Services
The Manage Services drop-down list includes the menu options to configure settings for Dimension:• Schedule Reports
• Manage the Log Server
• Manage the Log Database
• Manage user accounts
• Configure System Settings
WatchGuard Training 2727
Configuration — System SettingsConfiguration — System Settings
Configure System and Network settings
Manage certificates System Maintenance
• Reboot
• Upgrade
• Restore Factory default!!!!
• Diagnostic Tools View Connected Users
WatchGuard Training 2828
Configuration — User ManagementConfiguration — User Management
Manage Users and Roles• Add, edit, or remove users
• Apply roles: RO – View-only RW – Read-write
Active Directory Settings• Enable Active Directory
Authentication
• Specify an Active Directory Server
WatchGuard Training 2929
Configuration - UsersConfiguration - Users
Add/Edit User:• Types:
Local Active Directory
• Specify password
• Select Roles
• Select Devices
WatchGuard Training 3030
Configuration — UsersConfiguration — Users
Role policy same as WSM• User + List of roles + List of Devices
User authentication similar to WSM:• Local user, AD user, AD Group
• AD requires DNS to resolve DCs by internal domain name Built-in roles only (no custom roles)
• Super Administrator Full access
• Report Administrator View logs View reports Manage scheduled reports and groups
• View Logs
• View Reports Applied to a list of devices
WatchGuard Training 3131
Configuration — Logging Server ManagementConfiguration — Logging Server Management
On the Status page:• View the status of
the Log Server
• Stop and start theLog Server
WatchGuard Training 3232
Configuration — Logging Server ManagementConfiguration — Logging Server Management
On the Configuration > General page, you configure these settings for the Log Server:• Change the Encryption Key
• Specify the log data deletion settings
• Back up and restore the Log Server database
WatchGuard Training 3333
Configuration — Logging Server ManagementConfiguration — Logging Server Management
On the Configuration > Notifications page, configure the settings for email:• Failure Events
• Device Events
• Message Purge Must be configured to send
scheduled reports
WatchGuard Training 3434
Configuration — Logging Server ManagementConfiguration — Logging Server Management
On the Configuration > Notifications page, configure the settings for reports:
Report Customizationsare templates to apply toreport PDFs:• Header
• Footer
• Logo Configure settings for
ConnectWise Integration
WatchGuard Training 3535
Configuration — Logging Server ManagementConfiguration — Logging Server Management
On the Diagnostics page, you can use these diagnostic tools:• Purge diagnostic logs
• Backup/Restore Log Serverdatabase
• View Process List
• View Log Server log messages
• View Log Collector log messagess
WatchGuard Training 3636
Configuration — Schedule ReportsConfiguration — Schedule Reports
Report Schedules• RO — View only
• RW — Add/Edit/Removescheduled reports
Before scheduled reports can be sent, an SMTP server must be configured in the Notifications settings
WatchGuard Training 3737
Configuration — Schedule ReportsConfiguration — Schedule Reports
Schedule General settings• Name
• Descripton (optional)
WatchGuard Training 3838
Configuration — Schedule ReportsConfiguration — Schedule Reports
Device Selection• Devices:
All Devices Specify Devices
• Servers: All Servers Specify Servers
WatchGuard Training 3939
Configuration — Schedule ReportsConfiguration — Schedule Reports
Recipient Selection• Must add at least
one recipient
WatchGuard Training 4040
Configuration — Schedule ReportsConfiguration — Schedule Reports
Report Selection• Report Types
• Timezone For report display
purposes only.Web-based reports appear in the browser/OS time zone.
• Customization
• Aggregation Single (per device) Combined (grouped
devices)
• Frequency
WatchGuard Training 4141
Configuration — New Summary ReportsConfiguration — New Summary Reports
Schedule two new Reports:• Executive Summary
• Web Traffic Summary Both new reports are available as scheduled reports that you can
send to specific email addresses. Both reports can use any Report Customization (report template)
that you create.
WatchGuard Training 4242
Configuration — Executive Summary ReportConfiguration — Executive Summary Report
Executive Summary report• Sent as a PDF file
• Specify a logo, header, and footer to customize the report
WatchGuard Training 4343
Configuration — Web Traffic Summary ReportConfiguration — Web Traffic Summary Report
Web Traffic Summary report• Sent as a PDF file
• Specify a logo, header, and footer to customize the report
• Report includes the Top Domains chart with the Web Categories (in a pie chart), and removes any byte counts or tabular information
WatchGuard Training 4444
Use WatchGuard DimensionUse WatchGuard Dimension
WatchGuard Training 4545
Use WatchGuard DimensionUse WatchGuard Dimension
To get the most out of Dimension, make sure to:• Select Enable logging for reports in proxy actions on your XTM
devices and WatchGuard Servers.
• Enable logging of Allowed Packets in all policies.
• Configure your XTM devices and WatchGuard servers to send all log messages to your Dimension Log Server.
WatchGuard Training 4646
Use WatchGuard DimensionUse WatchGuard Dimension
WatchGuard Training 4747
Log Messages Reports Dashboards
Packet Filter Allowed Logs Web, Packet Filter, Top Client, Application Control Executive, Threat Map, FireWatch
Packet Filter Denied Logs
Web, Packet Filter, Denied Packet, Top Client, Application Control Security, Threat Map
Intrusion Prevention Logs IPS, Denied Packet Security, Threat Map
Log when configuration has changed Authentication, Audit
All Proxies: ‘Enable logging for reports’ GAV, IPS, SPAM, Application ControlExecutive, Security, Threat Map, FireWatch
HTTP Proxies: ‘Enable logging for reports’ Web, Firebox Statistics, REDExecutive, Security, Threat Map, FireWatch
FTP Proxies: ‘Enable logging for reports’ Firebox StatisticsExecutive, Security, Threat Map, FireWatch
SMTP Proxies: ‘Enable logging for reports’ SMTP, Firebox StatisticsExecutive, Security, Threat Map, FireWatch
POP3 Proxies: ‘Enable logging for reports’ POP3, Firebox StatisticsExecutive, Security, Threat Map, FireWatch
Any alarms GAV, Alarms
Executive DashboardExecutive Dashboard
Top 10• Clients
• Domains
• URL Categories
• Destinations
• Applications
• Application Categories
• Protocols Click a summary to
expand it and see more detail.
WatchGuard Training 4848
Security DashboardSecurity Dashboard
Top 10 Blocked• Clients
• Destinations
• URL Categories
• Applications
• Application Categories
• Protocols IPS Signatures Gateway Anti-Virus Click a summary to
expand it and see moredetail.
WatchGuard Training 4949
Threat MapThreat Map
Denied Packets(Blocked)
Intrusion PreventionService
Web Traffic Application Control All Traffic
WatchGuard Training 5050
FireWatchFireWatch
Sort by:• Source
• Destination
• Domains
• Application
• WebBlocker
• Protocol Pivot on:
• Bytes (Not available for packet filter traffic prior to XTM OS v11.8)
• Connections Hover for more detail:
• Filter further
• Show connections
WatchGuard Training 5151
Log ManagerLog Manager
Log messages stored in UTC time
Appears in your web browser’s local time
WatchGuard Training 5252
Log SearchLog Search
Run simple or complex search queries to refine the log messages that appear for the selected XTM device.
Filter the search resultsby log message type:• Traffic
• Alarm
• Event
• Diagnostic
• Statistic
• All
WatchGuard Training 5353
Other Available ReportsOther Available Reports
The same reports areavailable that werepreviously available on your WatchGuard Report Server
Select options to pivoton from the pivotdrop-down list
Export the report to a PDF file
WatchGuard Training 5454
Support WatchGuard DimensionSupport WatchGuard Dimension
WatchGuard Training 5555
Dimension Support — Console AccessDimension Support — Console Access
vSphere console shows command line access Login with wgsupport/readwrite (must change the password on
initial login)• Account restricted to only change the IP address
• To set a static IP address, use the command wg_ip_addr.sh, located in /opt/watchguard/dimension/bin. For example, to set a static IP address of 192.168.24.101 on network 192.168.24.0/24 with gateway 192.168.24.1, type: /opt/watchguard/dimension/bin/wg_ip_addr.sh -i 192.168.24.101 -m 24 -g 192.168.24.1
• When given without any options, or with the option --help, the command displays help text.
Support Access for Diagnostics is available with a connection restricted by a client-side certificate.
WatchGuard Training 5656
Dimension Support — Known LimitationsDimension Support — Known Limitations
No external database Local Backup/Restore No host name resolution Cannot import log files to Dimension Certificates must use CSR
• No external private key
WatchGuard Training 5757
Thank You!Thank You!
WatchGuard Training 5858